VOICE ARCHIVE

@jacobian
7 posts
2022-04-18
If you run apps on Heroku you should be keeping an eye on this incident: https://status.heroku.com/... The GitHub breach disclosed earlier involved oauth tokens belonging to the Heroku Dashboard, so there's a very high likelihood that some part of Heroku got popped too.
BleepingComputer

GitHub says an attacker used stolen OAuth user tokens issued to Heroku and Travis-CI to steal private repository data from dozens of organizations including npm

GitHub revealed today that an attacker is using stolen user tokens (issued to Heroku and Travis-CI OAuth) to download data from private repositories. Source: The GitHub Blog and Heroku...

2022-04-17
If you run apps on Heroku you should be keeping an eye on this incident: https://status.heroku.com/... The GitHub breach disclosed earlier involved oauth tokens belonging to the Heroku Dashboard, so there's a very high likelihood that some part of Heroku got popped too.
BleepingComputer

GitHub says an attacker used stolen OAuth user tokens issued to Heroku and Travis-CI to steal private repository data from dozens of organizations including npm

GitHub revealed today that an attacker is using stolen user tokens (issued to Heroku and Travis-CI OAuth) to download data from private repositories. Source: The GitHub Blog and He...

2022-04-16
If you run apps on Heroku you should be keeping an eye on this incident: https://status.heroku.com/... The GitHub breach disclosed earlier involved oauth tokens belonging to the Heroku Dashboard, so there's a very high likelihood that some part of Heroku got popped too.
BleepingComputer

GitHub says an attacker used stolen OAuth user tokens issued to Heroku and Travis-CI to download data from private repositories belonging to npm and other orgs

GitHub revealed today that an attacker is using stolen user tokens (issued to Heroku and Travis-CI OAuth) to download data from private repositories. Source: The GitHub Blog and He...

2022-02-08
This is good news, but it doesn't clearly say if the IRS is getting rid of https://id.me/ entirely or not. I hope it is; it's fucking bonkers that the IRS is using a private company for auth when https://login.gov/ is RIGHT THERE. https://www.nytimes.com/...
New York Times

The IRS says it will transition away from using facial recognition for identity verification, after a bipartisan backlash regarding its use of ID.me services

Alan Rappeport / New York Times :

2021-12-11
📢 Folks, an extraordinarily bad RCE in log4j dropped today. If you use a JVM, your code or a dep probably uses log4j; you're vulnerable if you log user-supplied data. I know it's late but this one's bad enough it's worth starting your IR process now, or first thing tmrw. [1/2]
LunaSec Blog

A vulnerability in the Apache log4j Java logging library allows for remote code execution, impacting Steam, iCloud, Minecraft, and other services

A few hours ago, a 0-day exploit in the popular Java logging library, log4j, was tweeted along with a POC posted on GitHub that results …

2021-03-04
I'm happy for the Auth0 team who deserve the riches I hope they'll see from this sale. For everyone else, I'm afraid this is pretty bad news :( Okta basically becomes a monopoly in the space now. https://twitter.com/...
Forbes

Publicly traded identity management company Okta says it is acquiring Auth0, one of its biggest challengers, in an all-stock deal valued at $6.5B

that's a biggie. https://www.cnbc.com/... #oktasponsor #okta Clueless / @clueless_1337 : Turns out $OKTA bought Auth0 and solidified its lead in IAM. Guess it's a clear monopoly ri...

2021-02-11
Yikes, this is really bad: https://medium.com/... I'm not sure what the fix looks like. For now, if you're using private package repos, be extremely careful until a more holistic fix can be made. https://twitter.com/...
BleepingComputer

A researcher was able to breach 35+ companies, including Microsoft and Apple, using a software supply chain attack that leveraged an open source ecosystem flaw

here's how to protect against it Tweets: Pukhraj Singh / @rungrage : Being so out in the public domain, this is going to be a house of pain for software companies. On the policy si...